PC Tools today revealed that it has identified and disclosed the source code for a new variant of the Kraken bot, also known as 'Bobax'.

Unpredictable bot Bobax difficult to spot

And the security vendor told PC Advisor the latest Kraken variant is a serious threat because it employs previously unseen detection-evasion techniques.

Sergei Shevchenko, Senior Malware Researcher, PC Tools, said: "PC Tools is revealing the details of the latest Kraken variant including the new list of domain names as well as the mathematical algorithm used.

"The source code of the Kraken domain name generation algorithm is disclosed in the interests of congregating all the knowledge about this bot so that other security specialists can benefit from it.

"The more collective knowledge security vendors have over this threat, the greater the chance the industry has of defeating it," said Shevchenko.

According to PC Tools' malware researchers, the latest Kraken variant is difficult to spot using traditional signature-based antimalware solutions. The latest variant of Kraken was first intercepted and blocked by behavioural-based antimalware software.

Malware researchers at PC Tools told PC Advisor that the new Kraken variant uses unpredictability to make it more difficult to spot - hence the relative merits of behavioural antimalware in this instance.

But the true benefit of using behavioural rather than signature-based security software is less clear cut, according to Kaspersky Lab. David Emm, senior technology consultant at Kaspersky, last week told PC Advisor that although behavioural software is a very useful part of a multilayered approach to security, in his view signatures retained primary importance.

"With the help of new technologies… it will be possible for a four-fold increase in the number of new signatures to combat the 10-fold increase in the number of new malicious programs," Emm said.

He added: "Such technologies allow one signature to successfully neutralise dozens or even hundreds of different types of malicious programs."

Nevertheless, both Kaspersky and PC Tools agree that behavioural protection forms a crucial part of your PC's defences. A PC Tools spokeswoman told us that the company agreed with Kaspersky Lab that a multi-layered approach to security is the way to go. Signature detection would not, for instance, pick up a zero-day attack.

"Signatures are good but not enough. You need behaviour-based too," she said.